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@ A data security arrangement is provided to 
protect configuration data to be stored in static 
random access memories (38) in semiconduc- 
tor programmable logic devices PLD. The con- 
figuration data, which is vulnerable to illegal 
duplication, is normally held in a read only 
memory ROM. typically an erasable programnv 
able read only memory. 

A data coding means is provided to code the 
configuration data to be loaded to the PLD and 
a data decoding means is provided in the PLD 
to decode the coded configuration data. The 
coding and decoding means each incorporate 
maximal length shift registers (12, 25) which 
generate a pseudo-random sequence of bits. A 
key value is input to the shift register (12) in the 
coding means forcing it to start at a particular 
point in the sequence. The output (bits 828 and 
B31) of this register is combined in an EX- 
CLUSIVE-OR gate (20) with configuration data 
and coded data is written to the read only 
memory ROM (24). The decoding means in the 
PLD has a corresponding key value held in a 
non-volatile memory (28) in the PLD. This is 
applied to the register (25) of the decoding 
means whose output (bits B28 and B31) are 
combined in an EXCLUSIVE-OR GATE (34) with 
coded configuration data CDIC read from the 
ROM (24) to produce decoded configuration 
data CDOD to be sotred in the memories (38). 
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The present invention relates to data security ar- 
rangements for semiconductor programmable logic 
devices. 

The invention finds particular utility in semicon- 
ductor programmable logic devices (PLDs) of the type 
including an associated storage means e.g. a static 
random access memory (SRAM) in which circuit con- 
figuration data, necessary for the device to operate, 
is retained. 

It is well known that prior to a PLD being loaded 
with appropriate circuit configuration data, such data 
is normally held in an external storage medium e.g. an 
erasable programmable read only memory (EPROM). 
A disadvantage of the present circuit configuration 
data loading arrangements to the PLD is that a copy 
can be readily taken and as a consequence valuable 
and sensitive circuit information can be easily and il- 
legally duplicated. It is extremely desirable, therefore, 
to protect circuit information from being copied. 

An aim of this invention Is to overcome this dis- 
advantage by the provision of a data security ar- 
rangement for loading conflguratton data which pre- 
vents illegal duplication of such circuit Information. 

According to the present invention, there is pro- 
vided a data security arrangement for a semiconduc- 
tor programmable logic device comprising data cod- 
ing means, first storage means, and incorporated 
within the programmable logic device, data decoding 
means together with associated second storage 
means, wherein the data coding means codes origi- 
nating operating data, and the first storage means 
stores the coded originating operating data and 
wherein the data decoding means decodes the coded 
originating operating data read from the first storage 
means into the originating operating data form prior 
to loading to the associated second storage means. 

Preferably the data coding means and the data 
decoding means each include a pseudo-random se- 
quence generator constituted by a 31-bit maximal 
length shift register having a preload input and a 
DATA input, the shift register generating a pseudo- 
random sequence equivalent to 2,147,483,647 bits in 
overall length. 

Preferably bit 28 and bit 31 outputs of the maxi- 
mal length shift register are Input to an EXCLUSIVE- 
OR logic function whose output is connected to the 
DATA input of the maximal length shift register. 

The maximal length shift register is preferably 
forced to start the pseudo-random sequence at a par- 
ticular point in the sequence by the application of a 
predetermined sequence start code constituted by a 
31 -bit "key value" to the preload input 

The application of the sequence start code to the 
maximal length shift register in the data coding 
means may be input from a keyboard or from a secure 
file, whereas the application of the sequence start 
code to the maximal shift register in the data decod- 
ing means is preferably input from a non-volatile 



memory within the programmable logic device. 

The data employed to enable the programmable 
logic device to operate is preferably circuit configura- 
tion data and it is arranged in the data coding means 

5 for the circuit conf iguration data and the pseudo-ran- 
dom sequence to be input to an EXCLUSIVE-OR logic 
function to provide an output of coded circuit config- 
uration data. 

Preferably in the data decoding means the pseu- 

10 do-random sequence and the coded circuit configur- 
ation data are input to an EXCLUSIVE-OR logic func- 
tion to provide an output of decoded circuit configur- 
ation data. 

The first storage means may be constituted by a 
15 read only memory, whereas the associated second 
storage means is constituted by static random access 
memories. 

The invention will be more readily understood 
from the following description of an exemplary em- 

20 bodiment which should be read in conjunction with 
the accompanying drawing. 

The drawing illustrates a block schematic circuit 
diagram of the data security arrangements in accor- 
dance with this invention, 

25 Referring to the drawing, a programmable logic 

device 11 is represented by the block designated 
PLD. To facilitate security of data loaded to the PLD, 
a data coding means is provided to code circuit con- 
figuration data, termed originating operating data, 

30 which is to be loaded to the PLD, and similarly a cor- 
responding data decoding means is provided in the 
PLD to decode the coded circuit configuration data in 
the PLD. 

Referring to the data coding means in more de- 
35 tail, a particular form of shift register 12 is provided 
which generates a maximal length pseudo-random 
output string. This type of shift register is known as a 
"maximal length shift register* and in the present ap- 
plication the overall length of the pseudo-random se- 
40 quence is arranged to be equivalent to 2,147,483,647 
bits (see CMOS COOK BOOK by Don Lancaster pa- 
ges 318-323, published by Howard W Sams Corp 
1980). 

This is achieved by feeding back to a DATA input 
45 13 of the register, particular outputs 14 and 15 of the 
register in a particular manner. In this instance both 
outputs 14, 15 which provide bits B28 and 831 are in- 
put to an EXCLUSIVE-OR gate 16 and the output of 
this gate is input to the DATA input 13. Providing the 
50 register 1 2 is continuously driven by a clock input sig- 
nal 17, the generated pseudo-random sequence is 
continuously repeated. 

In the data coding means the register 12 is pre- 
loaded (in parallel form) with a predetermined one of 
55 different "key values", each of 31 bits, typically input 
to a preload input 18 by way of a keyboard 19 or al- 
ternatively from a secure file. The "key value" which 
may be termed a sequence start code, forces the 



2 



3 EP 0 536 943 A2 ^4 



shift register 12 to start the pseudo-random se- 
quence at a particular point in the sequence and 
thereby recreate an identical sequence at any time as 
required. 

The pseudo-random sequence output from the 
EXCLUSIVE-OR gate 1 6 is input at 21 to a further EX- 
CLUSiVE-OR gate 20. Circuit configuration data GDI 
(generated from circuit configuration layout software) 
which is to be coded is input at 22 to the gate 20. The 
output 23 from the EXCLUSIVE-OR gate 20 gener- 
ates coded circuit configuration data CDOC. 

The coded circuit configuration data CDOC is 
output from gate 20 to a first storage means 24, typi- 
cally, a read only memory, where it is held until re- 
quired by the programmable logic device 11. The cir- 
cuit configuration data now stored in the first storage 
medium 24 is coded and secure, and if copied in this 
form would not yield any useful circuit Information to 
the data copier. 

To make use of the circuit configuration data in 
the programmable logic device 11 when it is read from 
the first storage medium 24, the data needs to be re- 
produced in its original form and this is achieved by 
data decoding means. 

The data decoding means is required to regener- 
ate the same pseudo-random sequence of bits as 
was employed in the data coding means. Accordingly, 
the programmable logic device 11 incorporates a 31- 
bit maximal length shift register 25 of the same form 
as the register 12 employed in the data coding 
means. 

For decoding to be accurate and effective the 
shift register 25 must commence its pseudo-random 
sequence at the corresponding point at which the 
shift register 12 commenced its sequence. According- 
ly the identical predetermined 31 -bit "key-value" or 
sequence start code which was used to start register 
12 must be applied, in parallel form, to a preload input 
26 of the register 25 to force it to start its sequence 
at the same point in the sequence as register 12, and 
thereby genrate an identical paseudo-random se- 
quence. 

The required 31 -bit "key value" is input at 27 and 
stored in a form of non-volatile memory on the PLD 
11, for example, an EPROM 28 or fusible links. 

The shift register 25 operates in a manner similar 
to shift register 12, the output bits B28 and B31 being 
input to an EXCLUSIVE-OR gate 29 whose output is 
fed to the DATA input 30 of the register. The register 
25 is driven by the clock signal CLK input at 32. 

The pseudo-random sequence output from EX- 
CLUSIVE-OR gate 29 forms an input 33 to a further 
EXCLUSIVE-OR gate 34 and coded circuit configur- 
ation data CDIC which is output from the first storage 
means 24 on line 35 forms a second input 36 to the 
gate 34. 

The EXCLUSIVE-OR function of the gate 34 
upon its two signal-inputs produces an output 37, in 



serial form, of the originating operating data (the cir- 
cuit configuration data). This originating operating 
data is now available for use within the programmable 
logic device PLD, for instance, loading into associat- 
5 ed second storage means in the form of static random 
access memories SRAM 38. 



Claims 
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1. A data security arrangementfor a semiconductor 
programmable logic device (11) characterised by 
the data security arrangement comprising data 
coding means, first storage means (24), and in- 

15 corporated within the programmable logic device 

(11), data decoding means together with assocH 
ated second storage means (38), wherein the 
data coding means codes originating operating 
data (22), and the first storage means (24) stores 

20 ~ the coded originating operating data (23) and 
wherein the data decoding means decodes the 
coded originating operating data (35) read from 
the first storage means (24) into the originating 
operating data from (22) prior to loading to the as- 

25 sociated second storage means (38). 

2. A data security arrangement as claimed in claim 

1, wherein the data coding means and the data 
decoding means each include a pseudo-random 

30 sequence generator. 

3. A data security arrangement as claimed in claim 

2, wherein the pseudo-random sequence gener- 
ator is constituted by a 31-bit maximal length shift 

35 register (12,25) which generates a pseudo-ran- 

dom sequence equivalent to 2,147.483,647 bits 
in overall length. 

4. A data security arrangement as claimed in claim 
40 3, wherein the maximal length shift register 

(12,25) has a preload input and a DATA input 

5. A data security arrangement as claimed in claim 
4, wherein bit 28 and bit 31 outputs of the maxi- 

45 mal length shift register (12,25) are input to an 
EXCLUSIVE-OR logic function (16,29) whose 
output is connected to the DATA input of the max- 
imal length shift register (12,25). 

so 6. A data security arrangement as claimed in claim 
4 or claim 5, wherein the maximal length shift reg- 
ister (12, 25) is forced to start the pseudo-random 
sequence at a particular point in the sequence by 
the application of a predetermined sequence 

55 start code constituted by a 31 -bit "key-value" to 

the preload input (18,26). 

7. A data security arrangement as claimed in claim 
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6, wherein the application of the sequence start 
code to the maximal length shift register (12) in 
the data coding means is input from a keyboard 
(19) or from a secure file. 

8. A data security arrangement as claimed in claim 
6 or claim 7, wherein the application of the se- 
quence start code to the maximal shift register 
(25) in the data decoding means is input from a 
non-volatile memory (28) within the programma- 
ble logic device. 
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9. A data security arrangement as claimed in any 
one claim from claim 3 to claim 8, wherein the 
originating operating data (22) is circuit conf igur- is 
ation data and wherein in the data coding means 

the circuit configuration data and the pseudo- 
random sequence are input to an EXCLUSIVE- 
OR logic function (16,20) which outputs coded 
circuit configuration data. 20 

10. A data security arrangement as claimed In claim 
9, wherein the pseudo-random sequence and the 
coded circuit configuration data (35) are input to 

an EXCLUSIVE-OR logic function (29,34) in the 25 
data decoding means to provide an output of de- 
coded circuit configuration data. 

11. A data security arrangement as claimed in any 

one preceding claim, wherein the first storage 30 
means is constituted by a read only memory (24). 

12. A data security arrangement as claimed In claim 
11, wherein the associated second storage 
means is constituted by static random access 35 
memories (38). 4 
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